Source URL: https://news.slashdot.org/story/25/09/27/1819239/did-microsoft-hide-key-data-flow-information-in-plain-sight?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Did Microsoft Hide Key Data Flow Information In Plain Sight?
Summary: The report reveals significant concerns regarding Microsoft’s management of policing data within its cloud infrastructure, particularly related to data sovereignty and the company’s lack of transparency about its international data flows. This is crucial for compliance and security professionals dealing with sensitive law enforcement data.
Detailed Description: The text highlights serious issues surrounding Microsoft’s handling of data for UK police under its Office 365 infrastructure. Here are the major points of significance:
– **International Data Flows**: Microsoft processes policing data in over 100 countries, which raises questions about the security and compliance of this data.
– **Lack of Transparency**: Microsoft has reportedly withheld important information from the Scottish Police Authority (SPA) and Police Scotland concerning its international data transfers, complicating compliance with data protection laws.
– **Data Protection Act Compliance**: Because Microsoft’s risk assessments are unavailable, the SPA and Police Scotland cannot ensure adherence to Part Three of the Data Protection Act 2018 (DPA18), which poses a serious legal risk.
– **Sovereignty of Data**: Microsoft has admitted it cannot guarantee the sovereignty of policing data processed within its services, echoing earlier statements regarding European data.
– **Access by Microsoft**: An independent security consultant reported that Microsoft can access customer data from 105 different countries and employs 148 sub-processors, which could expose sensitive information to various jurisdictions.
– **Due Diligence Issues**: The fragmented distribution of information across non-indexed webpages creates barriers for security professionals attempting to perform due diligence on data protection measures.
This report underscores the critical need for transparency and robust compliance mechanisms when using cloud services for sensitive data, particularly in the context of law enforcement, raising important considerations for security and data protection professionals.